Implement comprehensive improvement plan (Phases 1-6)

Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants

Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields

Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows

Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles

Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
  Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
  manage_recurring, custom_fields, get_users
- Add admin routes in index.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

migrations/014_add_additional_indexes.sql

@@ -0,0 +1,23 @@
+-- Migration: Add additional indexes for improved query performance
+-- Version: 014
+
+-- Index for audit log queries by user and date (activity reports)
+CREATE INDEX IF NOT EXISTS idx_audit_log_user_created ON audit_log(user_id, created_at DESC);
+
+-- Index for audit log queries by action type (security monitoring)
+CREATE INDEX IF NOT EXISTS idx_audit_log_action_type ON audit_log(action_type, created_at DESC);
+
+-- Index for tickets by status only (status filtering)
+CREATE INDEX IF NOT EXISTS idx_tickets_status ON tickets(status);
+
+-- Composite index for common dashboard queries (status + priority + created_at)
+CREATE INDEX IF NOT EXISTS idx_tickets_status_priority_created ON tickets(status, priority, created_at DESC);
+
+-- Index for ticket comments by ticket_id and date (comment listing)
+CREATE INDEX IF NOT EXISTS idx_comments_ticket_created ON ticket_comments(ticket_id, created_at DESC);
+
+-- Index for API keys by key value (authentication lookups)
+CREATE INDEX IF NOT EXISTS idx_api_keys_key_value ON api_keys(key_value);
+
+-- Index for user preferences lookup
+CREATE INDEX IF NOT EXISTS idx_user_preferences_user_key ON user_preferences(user_id, preference_key);

migrations/015_ticket_dependencies.sql

@@ -0,0 +1,15 @@
+-- Migration: Create ticket dependencies table
+-- Version: 015
+
+CREATE TABLE IF NOT EXISTS ticket_dependencies (
+    dependency_id INT AUTO_INCREMENT PRIMARY KEY,
+    ticket_id VARCHAR(9) NOT NULL,
+    depends_on_id VARCHAR(9) NOT NULL,
+    dependency_type ENUM('blocks', 'blocked_by', 'relates_to', 'duplicates') DEFAULT 'blocks',
+    created_by INT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    UNIQUE KEY unique_dependency (ticket_id, depends_on_id, dependency_type),
+    INDEX idx_ticket_id (ticket_id),
+    INDEX idx_depends_on_id (depends_on_id),
+    FOREIGN KEY (created_by) REFERENCES users(user_id) ON DELETE SET NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

migrations/016_ticket_attachments.sql

@@ -0,0 +1,18 @@
+-- Migration: Create ticket attachments table
+-- Date: 2026-01-19
+-- Description: Adds support for file attachments on tickets
+
+CREATE TABLE IF NOT EXISTS ticket_attachments (
+    attachment_id INT AUTO_INCREMENT PRIMARY KEY,
+    ticket_id VARCHAR(9) NOT NULL,
+    filename VARCHAR(255) NOT NULL,
+    original_filename VARCHAR(255) NOT NULL,
+    file_size INT NOT NULL,
+    mime_type VARCHAR(100) NOT NULL,
+    uploaded_by INT NULL,
+    uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (ticket_id) REFERENCES tickets(ticket_id) ON DELETE CASCADE,
+    FOREIGN KEY (uploaded_by) REFERENCES users(user_id) ON DELETE SET NULL,
+    INDEX idx_attachments_ticket (ticket_id),
+    INDEX idx_attachments_uploaded_by (uploaded_by)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

migrations/017_recurring_tickets.sql

@@ -0,0 +1,29 @@
+-- Migration: Create recurring tickets table
+-- Description: Enables automatic ticket creation on a schedule
+
+CREATE TABLE IF NOT EXISTS recurring_tickets (
+    recurring_id INT AUTO_INCREMENT PRIMARY KEY,
+    title_template VARCHAR(255) NOT NULL,
+    description_template TEXT,
+    category VARCHAR(50) DEFAULT 'General',
+    type VARCHAR(50) DEFAULT 'Task',
+    priority INT DEFAULT 4,
+    assigned_to INT NULL,
+    schedule_type ENUM('daily', 'weekly', 'monthly') NOT NULL,
+    schedule_day INT NULL COMMENT 'Day of week (1-7) for weekly, day of month (1-31) for monthly',
+    schedule_time TIME DEFAULT '09:00:00',
+    next_run_at TIMESTAMP NOT NULL,
+    last_run_at TIMESTAMP NULL,
+    is_active BOOLEAN DEFAULT TRUE,
+    created_by INT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (assigned_to) REFERENCES users(user_id) ON DELETE SET NULL,
+    FOREIGN KEY (created_by) REFERENCES users(user_id) ON DELETE SET NULL,
+    INDEX idx_recurring_next_run (next_run_at, is_active),
+    INDEX idx_recurring_active (is_active)
+);
+
+-- Sample recurring ticket for testing (commented out)
+-- INSERT INTO recurring_tickets (title_template, description_template, category, type, schedule_type, schedule_day, next_run_at)
+-- VALUES ('Weekly Server Maintenance Check', 'Perform weekly server health check and maintenance tasks.', 'Maintenance', 'Task', 'weekly', 1, NOW());

migrations/018_custom_fields.sql

@@ -0,0 +1,39 @@
+-- Migration: Create custom fields tables
+-- Description: Enables custom field definitions per category and stores field values
+
+-- Custom field definitions
+CREATE TABLE IF NOT EXISTS custom_field_definitions (
+    field_id INT AUTO_INCREMENT PRIMARY KEY,
+    field_name VARCHAR(100) NOT NULL,
+    field_label VARCHAR(255) NOT NULL,
+    field_type ENUM('text', 'textarea', 'select', 'checkbox', 'date', 'number') NOT NULL,
+    field_options JSON NULL COMMENT 'Options for select fields: {"options": ["Option 1", "Option 2"]}',
+    category VARCHAR(50) NULL COMMENT 'NULL = applies to all categories',
+    is_required BOOLEAN DEFAULT FALSE,
+    display_order INT DEFAULT 0,
+    is_active BOOLEAN DEFAULT TRUE,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    INDEX idx_custom_fields_category (category, is_active),
+    INDEX idx_custom_fields_order (display_order)
+);
+
+-- Custom field values for tickets
+CREATE TABLE IF NOT EXISTS custom_field_values (
+    value_id INT AUTO_INCREMENT PRIMARY KEY,
+    ticket_id VARCHAR(9) NOT NULL,
+    field_id INT NOT NULL,
+    field_value TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    UNIQUE KEY unique_ticket_field (ticket_id, field_id),
+    FOREIGN KEY (field_id) REFERENCES custom_field_definitions(field_id) ON DELETE CASCADE,
+    INDEX idx_custom_values_ticket (ticket_id)
+);
+
+-- Sample custom field definitions (commented out)
+-- INSERT INTO custom_field_definitions (field_name, field_label, field_type, category, is_required)
+-- VALUES
+--     ('affected_server', 'Affected Server', 'text', 'Hardware', false),
+--     ('incident_date', 'Incident Date', 'date', 'Security', true),
+--     ('software_version', 'Software Version', 'text', 'Software', false);